Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Microsoft Warns of Flaws in VM



 By: Dennis Fisher
2002-12-12
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
Microsoft released fixes for eight new vulnerabilities in its Virtual machine software.

Microsoft Corp. Thursday released fixes for eight new vulnerabilities in its Virtual machine software, the most serious of which gives attackers the ability to take control of vulnerable PCs.

The Microsoft VM is used to run Java applets in Windows environments and ships with most versions of Windows and Internet Explorer.

The most dangerous of the new flaws lies in the way that Java programs access COM objects. The vulnerability allows untrusted applets to access some COM objects, making it possible for an attacker to completely compromise a target system.

Resource Library:
Two of the other vulnerabilities allow a Java applet to disguise the location of its code base. This, in turn, could allow an applet on a Web site—which by default has read access to the folder in which it resides and the folders below it—to mask its location and act as if its located on a users local machine or network share.

There is also a vulnerability that results from the Virtual machines failure to prevent applets from calling a certain set of APIs that provide database access methods. An attacker who exploits this flaw could take any action on a database file, limited only by the local users permissions.

The four other vulnerabilities are less serious, with implications that range from information disclosure to IE crashing.

The VM installs by default with Windows 95, 98 and 98SE, Me, NT 4.0 beginning with Service Pack 1, 2000 and XP from SP 1 on.

The patch for these vulnerabilities is available on the Windows Update Web site.

Microsoft, of Redmond, Wash., also released a patch for a flaw in Windows NT 4.0, 2000 and XP that leads to privilege escalation and another in the Server Message Block protocol in Windows 2000 and XP that allows an attacker to change group policies.



  Reader Comments: Microsoft Warns of Flaws in VM
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By Dennis Fisher
 


xv6(VQD/jlݚؖRYZ I)CRϷKgI:ym2q#*rd&9%G jہ)}mk4ruBG;#|6S%o;|9|AL€wɘZqЎZ |>Q0#Lbh9&qIlGtuGpfFN|!Qh] ]( ѼeITߦèuB)P=2pНYBTuK4!QD񺹣Aгv^/ԡcFՉ4!خq 4]"X'[vbB#bF]߂KCHbRvGnwo#205brD2͑G2K*-a{Ӂkux5\ap*)ZPX6n@w(\'p}j bAaSGqH*!)`ōzS˩V| y<@q:/r˺_uo@ׁn܎|wꘇdۻ0Q(8aM c ҇P2zhN-2鰑C\eY7 ;Ͱ-P6ۺZMQjr;}rL>-g`TzÝ5_+U{p#!􏂺lݹVжkE}rvzu~Vp9"A to&3W`jLTV+b>I3Q ;h^X}|\卒^wnFtPdZHs = (2!, [ǽSҺ쵮N>_[g>ߙecfy3ժ?TRJw3D~ ,W7g77MuiSEVN}B'j`BcYuuU?Zz\݃ v&6~b M u ôW{iE!u}Br,OdwJwqN X-t[[9K }#w-? ,_0f k$LJ3i "-C Nf9Ac o4C+D_x0Nu{j5r'@kFkPYXak6R\ 9jb3v!fBſo]HB--\D7h+5USeEI7#DL v23yB(#. g|8JKu5b8aU?~\oV͉2]X]uUjoϋ~ӒKwYx:%ݫe.Zn} 8^%gk,0]ev&tjo/*Ab& ahMh5rF#m@T9n([A0? ; O`p]&; xk0%Ё4a>qj =*3<)»Ч=`Mt &SsjPB<@8oeN˥s }*P CRRT$S]HPw9DJ B!1,`@o%``P aR .<BICvn2K{TKh!+K@fsfd(4{~2 cbB|#'fz(0Vn)!4ӇiЈ4XؽǦg Yl^\'1nuM\f{aMr"Vv6PzT4fs)wdmrn)\ЛvתsNHB/W2 \_&AB5 6u>IVB17O)wj@nix2#wT5 *tr~#J}ݼ~h;h{q#%MAw=E梳x_[lYUo),~+ыpz1(ſakk)\d7m_yʠuiLGy -" IHf(%2=6P, "x ӡEѿ 7Sku . XUM.r` 82ei[FjeMѪ$٬ X;l d A qFIbJ[岖tpuꟸCߵɧ |'7c=dꀥr>L}nssa*/w+ )Z;OZV,֪ 9ɡUT\js3;AaQet5MQ:wC~y>X޻^ab-4,}V~^};݂/]rϘ|pZcv"O`R$a05C#?Ur9MGdBD@%L˧FX j} dENctCNx!,pDZ\TO]XA/, b)GF lȂw!MU,np{u0 XAw5Rh!LbV8&C mVJs4Ey>t.eOdz+:;7~~+ˣU ,;iCf Ma&Fž:nJVT+{>m`7,mCc$ D!cl$2! qlh4h̀*b1-՞o(\*=D$01l*=7S`)S ԓEk4 "+ Τŭ΋h[{[>ݩY g8G9G4u+}[ vjVɍ> N7NYc y0P?OﺪiT׿a&c2 mt*?|l3p곮oU9e:aF(AV =o U0V:=cݸz,YEn;&}琩kC)jx3j@s'DdCNQFXvpT.z'حDN;}p_ .qkRn PT*E0@k@"#f.@C׳@֧.3&^y" Oҧm]sfiZ ^Uc!)zF A0+<=?vG&9NpDkEnER}#8/wb{dy!Qn18JP -Mu>So2MĜ \@"c6?1 chJR*0rBO&.\7t[b tJ)S"\06H PV,OҼe=lI1 iK"ih$bbVFSo{ռܜ6<5ަmƙBƗȚGX,;[ .VlH0_Ӹ\bOD XY+o-yQb}YGJ^KkhVˮU^5@D =Na)/O, fRP*랟:U۶L+t%ZЍN~ڑq eީӊN|mvu+K˅No=>ݾC5.~)TRo<+-R!5"v9KJ*Iyu^ZS@b6%y#YVN Ȧ]Oɾ{kH>dO>^jmtlЇL?G~!а5j7s$8grЇG !4T8pl?|;t71%pRx656y( h4R wV`7lf4Xrv0\9f>c1 \UUyT_FiP<&^&mgk;mU]D>wt0`D7(OC< o ]{?z_7J홼њtu:th!uSMg5D&uIwXL4|H\}gJ+ ݍj Ta _rw@f wnQqD]KGhDy_PnزI`*, E f1/:jQt/I1IQnX]]%ca{/a]#M\`n\*iC!gikR!&r%3vsGom+N5YVL;Ƣ6 n֤k6"KdTASI%W}ޮ8nWCy%)ILq rlLƴ"#Bz'dw,$l/6yަLK -|Cύ'G{Y<0qsFIbyi¹LwCSGE/ApڂI!~#=lFL{}%$6~ƛFםn;4m 7]A=mEi ԥ!aJ4գ[읢Ƒ#-ԆIX#ENteOM -zPYY~$nD LhċE @h,p}ޣiZAvQ9z.kbG(֒J>]WdWO-tz`S}672ՊTKqjDI l g2铉ȟ/?+reͲfKMLן/cRUK ZX:nĎ(-:^Mo "mN'=Mt~D"SD[c] ul<&aX-~Z mNDR&~M@?\fEѧb&YD/F,FY 1t?z)=]޷ߖqQ-򭆽"6ʋ; WBNL;ut '$AP@a}N D-؞iU}c+IJIR6fu iQs-.ә@ʷ\f<¸o2$A#[Ƕ%-x;%E[N,kg|Ͻ+D']]]]]_ ;xo^ۊYbEzJ 3JJx pPzn:xFN+HjQ-U*s5KI0,lk>Yb=Oxfv_= wMnϧѳAlȘ/x׭O֍TUiKWgJHSꆾuSB7|H+׶T:8(UV0#o@F-F?7A\/A!'_)}h_u m0;q[4 V&P@e{F.+8Z|Ñ)ŕ)2KqLaSG{ҍۦVv]@%T*CE7>h&RDɯn`/BPFt~LmQamY~!|xd!AH8 H!)هpZjf֦~%~z>M"r< GOxiC{7\/fRۤTu.N6r1#ʻo̸X׫-<Ù96iR؅5wx4EfIUV O\DuZPٺS{y??_{nnnno-W-Vqe\@6/`3zIBlUf 0C]2)Y VF6BX=8ݼq7Ѧ5_*fp,Hxc $;vFCQZ [{1(L9&!7,ղt!Оb2*ݖc鹦>[x q)HC¸XBoO_lO [h7k,Z!Mz>!z.+fntI7?nvOPҙ۞`3Ak6 VI{[Dof d7lmTk>7JŋV ܔx]zkGk _߉U:q'E7 pRYkq8&ap#emeE2";l~^v.Ǣo#_-?he)$GؽE6K&E.WW> \4s=ݶ˔%.⛽KB%0ߚ'd9?DL2즗A8i}6[ݽ?0Xxm]$5M_r{ul(I#ۀچձևxQ6|XYmmسO']Hܵeb5k35=Ժ ؜^}؆_Yf%eĊt5~~yc>ܹ@?rK^/m#0اrܒ`2^Ӷ뿕$}qicn9 N,C &Hm޼xv1B}p@ aLD7&gM_Mxǥq{Q1C@q,o$rF7}X67݋ ~Vxr̪vmp/ 3QYH`-1]+f?qэa* n'٫Yx KM}.b`0 7~76F;EJ]K>IXCJ:*㇝F5\?ԝNtH)LE|/N&o9M!r,x UN@ -o#kB~qF頢rc[a|^qSUkž1cK-b8>tYWS tqCvHrza!= ʵm~_DiƷ*i.8ؽJe9L Ѝ4>(C^P"^a’KM|1Ir9ڒ|MBl @ע~ MZC O]c)~c) KhWxB,p}&6Ë ʹ<8?텮G6MEfQȢDWDE\sI.Ԫʁ\rO?P/si^,`Ud lW1 {BZīiTesS5_RUBI m|^kik6j=!ѣ`5a~vD7fe|W@O[fkwhP♛U$֝eؓRcˢ-*);,9Be:-@Ixz @kl/3 ?)3$[] 0 CӈU"cMcjj~ZQ)JEw(/9 .{ȕ՚TZIܧF((rР9^va)9Ekɽv=/%=wyJ-ݷgi&RfI Kj erO}TK[\LH`o2o)/ G'+}Ւn4ܵl_g%fJh0 kH 㽽Մo$DXC%~LNt—҉ HuWIkmr9)?3Rm)(Z:w:~1~bK:LEoO0V,-^ayo˪ZMɶ8+΍iJ %N0;c±@DǫHף4 ?R)%_6~mz>sY h#nϪ5wVrM,?z`+"OĈVRR>dD9m&_cBzK#q^1E \TЍBiUewޠ~z*ޟOe~[!ʃVS{Vw>B2ndeH(!4O]Uc `xH$!M+C}N.[7V׺U y|NQ_[3v?M2V,i{Car?!'vq]Q s5(A ]؅يg?7,>Ǹ >B$!i®ͯח]@)b#}D?83*%R H9 dU A_wLYunOKZ&a k(E$7׷@Ɔ;!H 1bx 1)SS+E>gٕa)XU˩cFy^fE+LThpӔ^*\Q / IZ  W}G}`fm WWY^Z{rݾ;u޹RܢԲ[s9|ҹ|־l]]/{#~j3f&SE`94eiE)SC9lꌸ6W㾬w^;K#顱8?/ӝٓ(k.!jb\թ4M؂W?hz 񛧧׭nW[OֆC}~ƫx]fy5h t{ހQ>4rUN.Mo )nu:e+wn|MPߠ5P~IGהw9hpZS~'π>gkчi}k35{ vsGvהϫx_X{@5_Xß(k ?)֔/֔^K5s wf:g ?5F\\+xj?k ]_o Z]֕C>'ߧ5u7kڿY Kuf9k^KxMy9wt_ޯ<+%ٚ(_* XiukWk\)_wW~}u9M+ťfW*7KD앆cn5:Xys/-#y)6L(^XϥY}MJ 4rk 7[yBYQI{2}tȄi>rp崝#&J2o-7cENikz(#s<2g.h{dZ#+mFDgc?#%Y!/Gzʉn)sr-o  pbY@ @9z\pۭ`>J_w-~h/:)7.p{Zӛ;8';Zء%Af~%k"M^L~4) P[4LܸRpoѺD;Fk@-'`<{`ZqF`N= y:I>,lp6kp&!H4oX| Xf {HNQӿkj L=#fhNh{N3r7l cG$MRi% J\?'Hd6#'"(t>eDdU.Ur 0XR^9Q(Fuoo*F0nj=u'a0Vo1 !<tdEҎU|y3sI"oTSثNd@7ʄ̯̅ v2gW+C<ĝ}K\i5]`i`ɮ41lu¿6г*H&#KфY DӼf 6hxqJN),#[ P`t{^]F.t/\șPV=w[p.>y 5qKӳNm$bMenǝZǂK5 D =b7# ?ë`׃ITCxMd⟒GN*C"tVfCq&f%b P|_|n9v/^,uQC͞,39L]Ɛ#LnSx+-sO=%4Id`4s} 0p[ēC{)B9/:dX1W;:2>Ş_ =6g\Rr7 DѱsRF I bsފjd!׶:+2=jSo:h}rWSÃa`a?=V@U} 1*=Xt E,Mav;M,Y{N6 )4M˚HѝyX!%39wv=L籽$(\d~\e;mv 7R,`+Xp|"$7Q @EikN?iwH3ۉd쥽%˷}Yq v|.}zxFZW%4}GRbR'K7"%ioPm JO0K`{ , CQ@&I`c? `vwf9c˖]XQYɶy "<ԼlQF޺qma; +C&bf:γ@W ]r⁜0қ7Q#+nvTg7>5كdt(ĉ0?FuoϳAsl+6[ ![Ic.KE0&(Xp\'AVΙY;m5wm+ A4gX3'cŀp̖s{~k#'>fga:=Y:}/#s!?"LnHl-^^kta( aaɗvX%hַ2b5) Q;)ŃA٥auo-+}viP##켱d74A)|ݫC>-LH|_X-fZ4rwBEbDϝ7f{/E (և_D_rTo tG8C`y;(1LdoμSx _AJ!Onu^btfp7_cρwPy o9/X uǸko^'=^8i}C@c7 Xg˱#Qow2o @ Lm)_/`0N (5h_Urn?3DcbS2 )~yNrEzf}0TVYSF~3a0;_$6ri~\ RwoRZ6(C0+5O N]J7g0RkSVسc,3IJk~~he8*ë#*|,R;i\Hs~N./6.eU1STx" KvHǾىn ziQM}HT=j">%SdnCL1GQ|>",5d ^#@` G]XqG/mç\V -F`nA۰. LGWX^q Ld@@1:D8U;slBֽHcAun[ρ؈労c 'qDDփh!|}t|4FUUb(踂Rp pZNBDI@Z,5Q%23nD`ؓFHRͼ $eY;~fFJpxjnyZ0̍ƽ9i>D֐D@ u.? L#ևd3w #=<\d9sлji(Z@,jySwTZDxm'[Kq@S s1+\e"F| Y'|37 "7EN/\ ᛴJEMǟ ނLsǒe9'#ۿYIx}QKMʨ?cF:It!Rǝ7宧6]nw ϋJ;Q:Β+tӒ'_L0"!_RPƁV+Vʁw xWaEG 2CѴ)3 agW:݀pV2NcZKX2Mn_[p+-FZFw3B"ZKm5dB>8\Eէȕ)>D)o(aħ ѸT\pߴ?t;ׇ{G*qםRTFQܢu:ק,!u w<=m_OW AͼGdPSLCF#|Wy.Hw\j&BV=K!cSLQ1C T+bނbf{Q^ORz ۔́Bo?1nD!WV)C9U$:MgMnf-#+\ R_<~HV>